Windows Hyper-V Remote Code Execution Vulnerability

Plan PatchCVSS 8.4CVE-2026-45607Jun 9, 2026

Microsoft

IT in OT - Windows Server and Active Directory are widely deployed in OT environments

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

An out-of-bounds read vulnerability in Windows Hyper-V allows an attacker with local access to execute arbitrary code on affected systems. The vulnerability exists across multiple Windows versions and Server editions (Windows 10, Windows 11, Windows Server 2016, 2019, 2022, and 2025). Microsoft has released patches to address this issue.

What this means

What could happen

An attacker with local access to a Windows system running Hyper-V could run code with the same privileges as the operating system, potentially compromising any virtual machines or services running on that hypervisor host.

Who's at risk

Organizations running Windows 10 or Windows 11 workstations, or Windows Server 2016, 2019, 2022, or 2025 as hypervisor hosts should prioritize patching. This is critical for facilities running Hyper-V virtual machines that host SCADA systems, data historians, or other OT applications on virtualized infrastructure.

How it could be exploited

An attacker with local access to a Windows machine running Hyper-V can trigger the out-of-bounds read condition to execute arbitrary code locally. This could be leveraged to compromise the Hyper-V host and any virtual machines it hosts.

Prerequisites

Local access to a Windows system running Hyper-V
No special privileges or credentials required

requires local access (lower remote risk)no authentication required for local useraffects Hyper-V virtualization platformall affected versions have patches available

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (20)

20 with fix

ProductAffected VersionsFix Status

Windows 10 Version 1809 for x64-based SystemsAll versionsBuild 10.0.17763.8880

Windows Server 2019All versionsBuild 10.0.17763.8880

Windows Server 2019 (Server Core installation)All versionsBuild 10.0.17763.8880

Windows Server 2022All versionsBuild 10.0.20348.5256

Windows Server 2022 (Server Core installation)All versionsBuild 10.0.20348.5256

Remediation & Mitigation

0/8

Schedule — requires maintenance window

0/7

Patching may require device reboot — plan for process interruption

Windows Server 2019

HOTFIXUpdate Windows Server 2019 to Build 10.0.17763.8880 or later

Windows Server 2022

HOTFIXUpdate Windows Server 2022 to Build 10.0.20348.5256 or later

Windows Server 2025

HOTFIXUpdate Windows Server 2025 to Build 10.0.26100.32995 or later

All products

HOTFIXUpdate Windows 10 Version 1809 to Build 10.0.17763.8880 or later

HOTFIXUpdate Windows 10 Version 21H2 to Build 10.0.19044.7417 or later

HOTFIXUpdate Windows 10 Version 22H2 to Build 10.0.19045.7417 or later

HOTFIXUpdate Windows 11 all versions to their respective June 2026 security update builds

Long-term hardening

0/1

HARDENINGRestrict local access to Hyper-V hosts by limiting who can log in locally and disabling unnecessary local accounts

CVEs (1)

CVE-2026-45607

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/21b7e852-9afb-49d8-be73-3c451c2aebe0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.